The above shows us that this form is to be submitted to path “./” and requires inputs username and password. We can parse this HTML andperform a brute-force of these input fields with the help of a password list file. Here is the script:

So I decided to use this script on a web server on my network. It has a landing page where the user has to authenticate to gain admin access. This was HTML Authentication Form that I had to parse and brute-force with passwords derived from my custom password list file. Here is the output:

Now, that’s cool! Obviously, there are many areas where this script can be improved on like adding HTTPS support or having more robust error checking/ handling techniques. However; its a a good starting point!